Snort on pfsense: Invalid direct service AppId, 5348

Hey guys,

I have a problem with getting AppId running on snort/pfsense.
The system-log says:
“AppInfo: AppId 5348 is UNKNOWN”
“Invalid direct service AppId, 5348, for 0x808072f60 0x80d7fc700”

Snort itself is running and it seems like it’s doing all the basic things.
I tried to figure out how to fix that but I couldn’t find a solution to fix it.

I’ve also checked the current snort version on my pfsense and it says “Newer version available”.
It says I’m running Version 4.1.6, Package Dependencies: snort-2.9.20
Package is configured but not (fully) installed or deprecated

On the homepage it says the current version is 3.0, but I can’t find any information on how to update to version 3.0 on pfsense. The rules in the “Update” section on “Services/Snort/Updates” are up to date, but the signature database and software version are two different things, I guess.

Can someone help me with this?

Greets,
23

I use Suricata, so it’s not an error that I have run into. If no one here has any suggestions, post over in https://forum.netgate.com/

Oh, thanks.
Well, this pfsense thing is a bit new for me, so snort is not a must-have for me because I have to learn it from scratch anyway.
If Suricata does the same thing, I can use this instead of snort.
I also found this zeek package. Is that also for the same purpose? Should I check this out too when snort doesn’t work as it should?

The https://zeek.org/ tool works differently and I have not tested it in pfsense.

Thx, I watched your suricata video yesterday and now I’m a bit busy playing around with it.
I also found some comments where people say they use suricata and zeek combined, not sure how much sense that makes (yet).